Hello community,

here is the log from the commit of package rubygem-sprockets for 
openSUSE:Factory checked in at 2018-06-20 15:34:02
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/rubygem-sprockets (Old)
 and      /work/SRC/openSUSE:Factory/.rubygem-sprockets.new (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Package is "rubygem-sprockets"

Wed Jun 20 15:34:02 2018 rev:36 rq:617845 version:3.7.2

Changes:
--------
--- /work/SRC/openSUSE:Factory/rubygem-sprockets/rubygem-sprockets.changes      
2016-12-29 22:47:01.341718679 +0100
+++ /work/SRC/openSUSE:Factory/.rubygem-sprockets.new/rubygem-sprockets.changes 
2018-06-20 15:34:10.731932909 +0200
@@ -1,0 +2,10 @@
+Tue Jun 19 16:14:03 UTC 2018 - [email protected]
+
+- updated to version 3.7.2
+ see installed CHANGELOG.md
+
+  **3.7.2** (June 19, 2018)
+  
+  * Security release for 
[CVE-2018-3760](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-3760).
+
+-------------------------------------------------------------------

Old:
----
  sprockets-3.7.1.gem

New:
----
  sprockets-3.7.2.gem

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Other differences:
------------------
++++++ rubygem-sprockets.spec ++++++
--- /var/tmp/diff_new_pack.uueGpL/_old  2018-06-20 15:34:13.607828556 +0200
+++ /var/tmp/diff_new_pack.uueGpL/_new  2018-06-20 15:34:13.611828411 +0200
@@ -1,7 +1,7 @@
 #
 # spec file for package rubygem-sprockets
 #
-# Copyright (c) 2016 SUSE LINUX GmbH, Nuernberg, Germany.
+# Copyright (c) 2018 SUSE LINUX GmbH, Nuernberg, Germany.
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@@ -24,7 +24,7 @@
 #
 
 Name:           rubygem-sprockets
-Version:        3.7.1
+Version:        3.7.2
 Release:        0
 %define mod_name sprockets
 %define mod_full_name %{mod_name}-%{version}
@@ -34,7 +34,7 @@
 BuildRequires:  ruby-macros >= 5
 BuildRequires:  update-alternatives
 Url:            https://github.com/rails/sprockets
-Source:         http://rubygems.org/gems/%{mod_full_name}.gem
+Source:         https://rubygems.org/gems/%{mod_full_name}.gem
 Source1:        gem2rpm.yml
 Summary:        Rack-based asset packaging system
 License:        MIT

++++++ sprockets-3.7.1.gem -> sprockets-3.7.2.gem ++++++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/CHANGELOG.md new/CHANGELOG.md
--- old/CHANGELOG.md    2016-12-20 02:29:28.000000000 +0100
+++ new/CHANGELOG.md    2018-06-19 17:33:53.000000000 +0200
@@ -1,3 +1,7 @@
+**3.7.2** (June 19, 2018)
+
+* Security release for 
[CVE-2018-3760](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-3760).
+
 **3.7.1** (December 19, 2016)
 
 * Ruby 2.4 support for Sprockets 3.
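
Review bot: the new 3.7.2 entry names CVE-2018-3760 but does not say what behaviour changed. The rest of this diff shows request paths containing `://` now being refused in server.rb and manifest lookups skipping unknown paths in manifest.rb; one sentence stating that would let users judge the impact of the upgrade without reading the code.
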
Binary files old/checksums.yaml.gz and new/checksums.yaml.gz differ
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/lib/sprockets/manifest.rb 
new/lib/sprockets/manifest.rb
--- old/lib/sprockets/manifest.rb       2016-12-20 02:29:28.000000000 +0100
+++ new/lib/sprockets/manifest.rb       2018-06-19 17:33:53.000000000 +0200
@@ -161,7 +161,8 @@
         end
       else
         args.each do |path|
-          yield File.binread(File.join(dir, assets[path]))
+          asset = assets[path]
+          yield File.binread(File.join(dir, asset)) if asset
         end
       end
     end
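
Review bot: in the `args.each` branch, `yield ... if asset` now silently skips any path that has no entry in `assets`, so the caller cannot tell a missing manifest entry from an empty result. The guard itself is right, since the old line passed `nil` to `File.join`, which raises TypeError, but consider logging the skipped path or raising a descriptive error, and add a test for a path that is absent from the manifest.
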
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/lib/sprockets/processing.rb 
new/lib/sprockets/processing.rb
--- old/lib/sprockets/processing.rb     2016-12-20 02:29:29.000000000 +0100
+++ new/lib/sprockets/processing.rb     2018-06-19 17:33:53.000000000 +0200
@@ -232,7 +232,7 @@
       end
 
       def deprecate_legacy_processor_interface(interface)
-        msg = "You are using the a deprecated processor interface #{ 
interface.inspect }.\n" +
+        msg = "You are using a deprecated processor interface #{ 
interface.inspect }.\n" +
         "Please update your processor interface:\n" +
         
"https://github.com/rails/sprockets/blob/master/guides/extending_sprockets.md#supporting-all-versions-of-sprockets-in-processors\n";
 
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/lib/sprockets/server.rb new/lib/sprockets/server.rb
--- old/lib/sprockets/server.rb 2016-12-20 02:29:29.000000000 +0100
+++ new/lib/sprockets/server.rb 2018-06-19 17:33:53.000000000 +0200
@@ -115,7 +115,7 @@
         #
         #     http://example.org/assets/../../../etc/passwd
         #
-        path.include?("..") || absolute_path?(path)
+        path.include?("..") || absolute_path?(path) || path.include?("://")
       end
 
       def head_request?(env)
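
Review bot: the added `path.include?("://")` clause is a substring denylist, like the `..` test beside it, so it only holds if `path` is already fully decoded when it reaches this predicate and is not decoded again afterwards. The hunk does not show where decoding happens, so please confirm the order of decoding and checking and cover it with a regression test. The comment above the line still documents only the `../` example; add a line explaining why paths containing `://` are refused.
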
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/lib/sprockets/version.rb new/lib/sprockets/version.rb
--- old/lib/sprockets/version.rb        2016-12-20 02:29:29.000000000 +0100
+++ new/lib/sprockets/version.rb        2018-06-19 17:33:53.000000000 +0200
@@ -1,3 +1,3 @@
 module Sprockets
-  VERSION = "3.7.1"
+  VERSION = "3.7.2"
 end
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/metadata new/metadata
--- old/metadata        2016-12-20 02:29:28.000000000 +0100
+++ new/metadata        2018-06-19 17:33:53.000000000 +0200
@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: sprockets
 version: !ruby/object:Gem::Version
-  version: 3.7.1
+  version: 3.7.2
 platform: ruby
 authors:
 - Sam Stephenson
@@ -9,7 +9,7 @@
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2016-12-20 00:00:00.000000000 Z
+date: 2018-06-19 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: rack
@@ -333,7 +333,7 @@
       version: '0'
 requirements: []
 rubyforge_project: sprockets
-rubygems_version: 2.5.2
+rubygems_version: 2.7.6
 signing_key: 
 specification_version: 4
 summary: Rack-based asset packaging system

